You should already have a working DHCP and DNS server set up before following the below instructions. You can find information on how to do that at DHCP_Server and Bind9.

We have to create a key that will be used to secure the exchange of information between the DHCP and DNS servers. Only our DHCP server should be allowed to perform DNS record updates, not just anyone.

    root# dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE

This will create two files, Kdhcp_updater.*.key and Kdhcp_updater.*.private. Copy the key from the *.private file (the line with the key should look similar to this one:

Everything after "Key: " is the actual key. Now create a new file (ddns.key) with the following content (don't forget to replace with your key):

Copy this file to /etc/bind/ and /etc/dhcp and adjust the file permissions as follows:

    install -o root -g bind -m 0640 ddns.key /etc/bind/ddns.key
    install -o root -g root -m 0640 ddns.key /etc/dhcp/ddns.key

The DNS server must be configured to allow updates for each zone that the DHCP server will be updating. In our example the clients in the domain will be assigned addresses on the 192.168.2.0/24 subnet. We will need a key declaration for our key, and two zone declarations - one for the forward lookup zone and one for the reverse lookup zone. To do so add the following to the file /etc/bind/:

The option notify no stops named (the DNS daemon) from forwarding information about the local network to external DNS servers. This is only useful if you use private addresses in your network. In case you use public addresses, you want your DNS to forward that information to public DNS servers. To configure this, just delete the line notify no.

Then you have to create two zone files, one for the forward lookup zone (db.) and one for the reverse lookup zone (db.192.168.2). These are the zones you defined previously in the file /etc/bind/. You can copy the sample file db.empty and then just add your changes. The following listing shows the contents of db.empty, which is (after the previous step) the same as db. and db.192.168.2.

    BIND reverse data file for empty rfc1918 zone
    DO NOT EDIT THIS FILE - it is used for multiple zones.
    Instead, copy it, edit nf, and use that copy.

In this case the nameserver's IP address is 192.168.2.1 and its name is ns. The trailing dot is important, because it makes the name an FQDN (Fully Qualified Domain Name).